Application security: Getting it right, from the start
Security testing data is “the unsung hero” of securing application development. It’s the backbone of application development quality, compliance and risk management, and rests …
security testing
SecOps teams face challenges in understanding how security tools work
Security professionals are overconfident in their tools with 50% reporting that they have experienced a security breach because one or more of their security products was not …
The rise of continuous crowdsourced security testing for compliance
A large percentage of organizations and institutions are moving toward a rigorous, continuous testing model to ensure compliance, a Synack report reveals. As part of this …
CrackQ: Efficient password cracking for pentesters and red teamers
CrackQ employs automation to make password cracking a faster and more efficient undertaking for pentesters and red teamers. CrackQ dashboard “Regular security testing is …
Most IT pros find red team exercises more effective than blue team testing
More than one-third of security professionals’ defensive blue teams fail to catch offensive red teams, a study from Exabeam reveals. The survey, conducted at Black Hat USA …
Organizations that scan applications in production have a reduced risk of being breached
Despite a significantly increased focus on application security testing, remediation rates for vulnerabilities continue to shrink, according to WhiteHat Security. Setu …
Microsoft’s Attack Surface Analyzer now works on Macs and Linux, too
Microsoft has rewritten and open-sourced Attack Surface Analyzer (ASA), a security tool that points out potentially risky system changes introduced by the installation of new …
Should you trust that Chrome extension? Use CRXcavator to decide
Duo Security has released CRXcavator, a tool that can help end users and enterprises make an informed decision about installing a specific Chrome extension. About CRXcavator …
Making informed decisions: The importance of data driven security
When deciding what product to buy, the information the vendor offers about the product is helpful, but not nearly enough: you need to analyze individual product results and …
Automating web app testing to secure your environment
In this podcast recorded at RSA Conference 2018, Dave Ferguson, Director, Product Management for Web Application Security at Qualys, talks about the challenges and benefits of …
Hacking for fun and profit: How one researcher is making IoT device makers take security seriously
We should all be so lucky to enjoy our work as much as Ken Munro does. Generally attracted by research that “looks fun” and particularly interested in probing the …
Five smart TVs tested for security, privacy issues
As more and more smart TVs are sold worldwide, consumers should be aware of the risks associated with this technology. Consumer Union, a US-based nonprofit organization …
